Mandatory two-step verification

Increased security measures for Cal State LA accounts to fight hackers


This image was made by Camille Jessie through Canva using Sketchify elements.

A new update from the University’s technology department has made 2-step verification mandatory for all faculty and student MyCalStateLA accounts, starting today for faculty and March 24 for students. This requires students and staff to use a secondary mobile device to verify their identity each time they log in.

This move was made by the University in an effort to increase online security and ensure that students and staff accounts are safe from hackers if they are able to obtain your password.

According to the 2-Step Verification page on the University website, any mobile device including a smartphone, tablet, cellphone, or landline telephone will be acceptable devices for the verification.

In order to select the device you would like to use, you must register it to your account after you’ve enrolled for the 2-step verification. Registering multiple devices is also an option if you may not always have access to the same device.

For individuals who do not have access to a secondary device, ITS is offering rentals of tokens, a small device that displays a code that can be used as the second-factor authentication for the verification.

While this requirement will add an extra layer of security to Cal State LA accounts, some faculty and staff members are concerned about their ability to have constant access to the same registered device to log in to their work accounts.

“A lot of staff on campus are concerned about the two-step verification for the same reasons. Our custodians sometimes get new phones, frequently they get burner phones or phones on a cheaper plan, and then they get a new phone,” said Kim Neal, the California State University Employee Union Chapter 311 president and a staff member at Cal State LA. “So it’s more difficult for them to consistently have the same device.”

Neal suggests individuals who do not have consistent access to one device or that do not want to use their personal phone for the verification to rent out the tokens available through ITS. She said she has a token herself and that it has made logging in an easy process for her.

“I press the button and it gives me a code. So, then, I just enter the code and it has a little five-second time limit on it. It’s pretty easy,” said Neal.

A second-year Cal State LA student, Hazel Carias-Urbina, said that she is familiar with the 2-step verification process.

“It’s not an unfamiliar thing. [With] Google, when somebody logs into their account on a different device, it’ll send it to your phone, and be like, ‘Is this you?’,” said Carias-Urbina.

Like Carias-Urbina, pre-psychology major Francisco Luna said that he likes that the university is taking online security seriously despite the inconvenience.

“Sometimes it is a little annoying, trying to log in and needing your phone next to you, but I don’t mind it,” said Luna.

Enrollment for 2-step verification is open now for all students and faculty and will be a requirement for all faculty accounts starting March 10 and for all student accounts on March 24. Requests for tokens can be made by filling out the token request form and submitting it to ITS. MyCalStateLA ID or Portal login is required to make the request.